Re: [EXT] Re: [PATCH net-next v5 3/7] net: macsec: indicate next pn update when offloading
From: Igor Russkikh
Date: Tue Sep 26 2023 - 08:17:08 EST
Hi guys,
> On 21.09.2023 18:11, Sabrina Dubroca wrote:
>> 2023-09-20, 12:22:33 +0300, Radu Pirea (NXP OSS) wrote:
>>> Indicate next PN update using update_pn flag in macsec_context.
>>> Offloaded MACsec implementations does not know whether or not the
>>> MACSEC_SA_ATTR_PN attribute was passed for an SA update and assume
>>> that next PN should always updated, but this is not always true.
>>
>> This should probably go through net so that we can fix some drivers
>> that are currently doing the wrong thing. octeontx2 should be
>> fixable. atlantic looks like it would reset the PN to whatever was
>> read during the last dump, and it's unclear if that can be fixed
>> (AFAIU set_egress_sa_record writes the whole config at once). mscc
Thats correct, atlantic hardware requires full table to be in data buffer registers.
I really doubt its possible to skip PN writing.
>> doesn't seem to modify the PN (even if requested -- should it should
>> reject the update), and mlx5 doesn't allow PN update (by storing the
>> initial value of next_pn on SA creation).
>
> I updated octeontx2, mssc and mlx5. Atlantic is unclear.
>
> Mark, Igor, in the atlantic MACsec driver, can the SAs be updated
> without a PN update?
Reviewed the code and the docs I have - my view is it can not.
All the packed record in macsec_api.c:set_egress_sa_record is expected by hardware in full.
Regards,
Igor